Since there's no check on the _sdAmount in the createLot function; anyone can create a lot with _sdAmount=0;
This will result in users adding bids on lots with sdAmount=0.
And since there's noway/no function for the lots[lotId].highestBidder to withdraw his bid when he discovers that he bidded on nothing; this will lead to the highestBidder losing his ethers! while other users can escape this by calling withdrawUnselectedBid function.
So the ethers of the lots[lotId].highestBidder of this lot will be locked in the Auction contract, and he will not get any SD tokens in return.
Proof of Concept
Instances: 1
File: 2023-06-stader/contracts/Auction.sol
Line 51: lots[nextLot].sdAmount = _sdAmount;
Tools Used
Manual Testing.
Recommended Mitigation Steps
Check if _sdAmount > 0 in the createLot function before creating a lot.
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L51
Vulnerability details
Impact
_sdAmount
in thecreateLot
function; anyone can create a lot with_sdAmount=0
;sdAmount=0
.lots[lotId].highestBidder
to withdraw his bid when he discovers that he bidded on nothing; this will lead to the highestBidder losing his ethers! while other users can escape this by callingwithdrawUnselectedBid
function.lots[lotId].highestBidder
of this lot will be locked in theAuction
contract, and he will not get any SD tokens in return.Proof of Concept
Instances: 1
Tools Used
Manual Testing.
Recommended Mitigation Steps
Check if
_sdAmount > 0
in thecreateLot
function before creating a lot.Assessed type
ETH-Transfer